Chef updates Habitat Base Plans and so should you

Chef updates Habitat Base Plans and so should you

Application automation software Habitat is due for a Base Plan refresh today, so don’t worry if you run into dependency errors later on.

Habitat belongs to the Chef product family and is a tool to programmatically and declaratively build, deploy, and manage applications and services. Artifacts created with the offering can be deployed and run on various environments, including virtual machines, containers, bare metal, and platform as a service. Since they include deployment and management capabilities, operation engineers have a somewhat consistent way to stay on top of update strategies, health checks, and service bindings across environments.

One of the central elements of Habitat is Builder, a component to store, automatically build – hence the name – and deploy packages. The latter are signed tarballs which are built from shell scripts, or “plans” as Chef calls them, and can include additional application lifecycle hooks and service configuration files.

According to a blog post, the Core Origin on Builder contains about 600 plans, which include services, binaries, and low level system libraries like GCC. About 80 of those are Base Plans that are used by nearly every other plan on Builder, and to build Habitat itself. If one is updated, all Base Plans depending on it and then again all that depend on those (Core Plans for example) need to be rebuild.

This is happening today (Tuesday, 29 January 2019), mainly to keep applications built on Habitat secure and fast. The refresh upgrades GCC from v7.3 to 8.2 and brings OpenSSL to version 1.0.2q, which keeps the CRIME (compression ratio info-leak made easy) vulnerability mitigated and offers a mode to operate in a FIPS compliant manner.

Since any plan within most Habitat users’ origin will depend on at least one of the Core Base Plans, those have to be rebuild as well – otherwise users will likely be confronted with a dependency error. The easiest way to get around that is to use the “Build Latest Version” button in Builder for all plans in a dependency chain. If an older version is needed however, all dependencies have to be pinned to an older version of the Base Plan (core/glibc/2.22 for example if this should be used instead of the latest available version 2.27)

More tips can be found on the Chef blog, but if assistance is needed during the update process, the Habitat Forums would be your best bet.